ASRC Federal Broadleaf Division (Prime) is actively hiring a Cloud Security Auditor in support of our Defense Counterintelligence Security Agency (DCSA) program based out of Quantico VA.

 

This is primarily a Telework position with a requirement to be onsite at least two (2) days a week at Quantico Marine Corps Base VA.

 

DUTIES:

As a Cloud Security Auditor, you will be responsible for assessing the organization's cloud implementations and security controls to determine whether they meet DoD and industry standards. As the Cloud Security Auditor, you will assess the cloud security status by conducting posture reviews of all Agency Cloud Systems to include:

Identify and document all gaps against cloud cybersecurity requirements, ensuring thorough analysis and accuracy Provide weekly Cloud Security Posture Review Reports detailing all identified gaps and actions taken to address them Produce a full Cloud Security Posture Review Report at the end of the month, summarizing all gaps and the corresponding remediation efforts Collaborate with stakeholders to ensure alignment of audit findings with organizational cybersecurity goals and requirements Collaborating with Cloud Engineers to develop and implement effective cloud security strategies Maintain detailed documentation and reports of all posture review activities, findings, and responses Stay current with the latest cloud security trends, tools, and best practices to ensure the effectiveness of posture reviews Working together with stakeholders to implement necessary security improvements Provides security and technical expertise to support the development of security objects to satisfy business requirements

 

BASIC QUALIFICATIONS: 

Candidates should have a proven background working in cloud environments with experience and knowledge in the following areas: 

Security automation with tools such as Splunk and STIG scanner Analyzing and administering security policies to control physical and virtual system access Identifying and investigates security issues and develops security solutions that address compliance requirements that can/ do impact security Identifying, developing, and implementing mechanisms to detect security incidents to enhance compliance and support of the security standards and procedures Assessing business role requirements, reviews authorization roles, and supports authorizations Demonstrating a comprehensive skill set with testing authorizations for multiple environments and coordinates testing with business/technical users Validating system configurations to ensure the safety of information systems assets and protects information systems from intentional or inadvertent access or destruction Implementing best practice when applying knowledge of information systems security standards/practices (e.g. Access control and system hardening, system audit and log file monitoring, security policies, and incident handling) Design and coordinating activities/engagements with other departments Identifying security gaps that expose the Agency to potential exploit and develop short- and long-term prioritized remediation to address those gaps Developing and executing security controls, defenses, and countermeasures to intercept and prevent internal/external data infiltrations Determining strategy and protocol for network behavior, analysis techniques, and tool implementation Providing subject matter expertise in systems security policies, standards/practices, protocols, and technologies. Creating dashboards, configures alerts, implements and supports security software platforms, and monitors tools/apps Identifying opportunities for streamlining and increasing effectiveness through continuous process improvement Implementing practices, processes, and procedures consistent with the Agency’s information security policy and IT standards Developing and documents security events and incident handling procedures into Playbooks Collaborates with business partners, project teams, and team members to build secure solutions that protects data and enables the business with tools and processes that make sense and adapt to changing business needs both on-premises and in the cloud. Works with cloud engineers to identify security solutions that support their business requirements Partners with other Information Security groups to conduct security risk assessments on new solutions and systems, periodic security risk assessments on existing systems; and identifies and/or recommends appropriate security mitigations and best practices

#Broadleaf